<?php 

// Include the configuration file for error management and such.
require_once ('./includes/config.inc.php'); 

// Page metadata is assigned first, then the shared HTML header is emitted.
$site_section = 'Login';
$page_title = 'Newnham College Associates: Associate login';
include './includes/header.html';

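// Login handler. An existing session is redirected to the associate page; a
// submitted form is checked against the users table; anything else falls
// through to the login form further down the page.
//
// NOTE(review): the stored password is compared with MySQL SHA(), an unsalted
// fast hash. Moving to password_hash()/password_verify() needs a migration of
// the stored values, so it is flagged here rather than changed.
// NOTE(review): the query is built by string interpolation and relies entirely
// on escape_data() (defined outside this file) for SQL safety; prepared
// statements (mysqli/PDO) would remove that dependency, but the connection is
// set up in mysql_connect.php, which is not visible here.
// NOTE(review): nothing in this block limits repeated failed attempts.
if (isset($_SESSION['user_level'])) { // already logged in
  user_redirect("/assoc.php?assoc={$_SESSION['userid']}");
  exit(); // Quit the script.
} elseif (isset($_POST['submitted'])) { // Check if the form has been submitted.

  require_once ('./mysql_connect.php'); // Connect to the database.

  // Validate the username. A non-string value (an array-style parameter) is
  // treated as missing instead of being passed on to escape_data().
  if (!empty($_POST['uname']) && is_string($_POST['uname'])) {
    $e = escape_data($_POST['uname']);
  } else {
    echo '<p><font color="red" size="+1">You forgot to enter your user name!</font></p>';
    $e = FALSE;
  }

  // Validate the password, with the same string-only rule.
  if (!empty($_POST['pass']) && is_string($_POST['pass'])) {
    $p = escape_data($_POST['pass']);
  } else {
    $p = FALSE;
    echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
  }

  if ($e && $p) { // If everything's OK.

    // Query the database.
    $query = "SELECT user_id, login, level FROM users WHERE (login='$e' AND pass=SHA('$p'))";
    // The query text contains the submitted password, so it is kept out of the
    // error message: whatever handler config.inc.php installs may log or
    // display it.
    $result = mysql_query ($query) or trigger_error("Query: [login lookup withheld]\n<br />MySQL Error: " . mysql_error());

    // $result is FALSE when the query failed; test it instead of silencing
    // mysql_num_rows() with @.
    if ($result && mysql_num_rows($result) === 1) { // A match was made.

      // Register the values & redirect.
      $row = mysql_fetch_array ($result, MYSQL_NUM);
      mysql_free_result($result);

      // Issue a fresh session id at the privilege change so that an id known
      // before authentication cannot be reused afterwards (session fixation).
      // Guarded because the session is started outside this file.
      if (session_id() !== '') {
        session_regenerate_id(true);
      }

      $_SESSION['user_level'] = $row[2];
      $_SESSION['user_name'] = $row[1];
      $user_id = $row[0];
      $_SESSION['userid'] = $user_id;

      // The id comes from the database, but it is still cast before being
      // interpolated into SQL.
      $query = "UPDATE users SET last_login = NOW() WHERE user_id = " . (int) $user_id;
      // mysql_query() returns TRUE/FALSE for UPDATE, not a result resource, so
      // there is nothing to free here.
      mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
      mysql_close(); // Close the database connection.
      user_redirect("/assoc.php?assoc={$_SESSION['userid']}");
      exit(); // Quit the script.

    } else { // No match was made.
      // One message for both unknown user and wrong password, so the response
      // does not reveal which user names exist.
      echo '<p><font color="red" size="+1">The user name and password entered do not match those on file.</font></p>';
    }

  } else { // If everything wasn't OK.
    echo '<p><font color="red" size="+1">Please try again.</font></p>';
  }

  mysql_close(); // Close the database connection.

} // End of SUBMIT conditional.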

?>

<h1 >Login</h1>
<p>This area of the web site is for Associates only. Please log in.
</p>

<form action="login.php" method="post">
<table>
<tr><td>User name:</td>
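    <td> <input type="text" name="uname" size="20" maxlength="40" value="<?php
      // Sticky field: the submitted name is request data, so it is HTML-escaped
      // (quotes included) before being written into the attribute value.
      // Non-string input is not echoed at all.
      if (isset($_POST['uname']) && is_string($_POST['uname'])) echo htmlspecialchars($_POST['uname'], ENT_QUOTES); ?>" /></td>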
</tr>
<tr><td>Password:</td> 
    <td><input type="password" name="pass" size="20" maxlength="20" /></td>
</tr>
</table>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</form>

<p>You'll need to have cookies enabled to be able to log in.</p>
<p><a href="forgotten.php">Forgotten password?</a></p>

<?php
// Close the page with the shared HTML footer.
include './includes/footer.html';
?>